Nik Mokey is asking : ‘Internet privacy: have Facebook and others gone too far?‘ When too much will be too much? and yes, ‘Why are we still using Facebook, again?’ Some good questions. Of course, simply leaving Facebook is neither the solution as no one would be their to monitor.

‘Members of the US congress confronted Zuckerberg with a series of privacy questions about the sites apps’ Says TechWorld
‘Google Engineer Builds Facebook Disconnect‘ . Alexis Totsis from TechCrunch says he tried Google engineer Brian Kennish’s app: ‘Facebook Disconnect will “presumably” prevent the sending of data back to Facebook across the one million sites that use the Facebook Connect service. So far the ones I’ve tested it on (ehem, Huffington Post) seem to be kosher as I no longer see Facebook integration.”

The CDT, Center of Democracy and Technology asks: ‘Why Facebook Apps Story Is Problem For Entire Web‘ ? WSJ points to a controversial case of linking behavioral profiles to personally identifiable information. Is this new? Apparently an accidental transmission of users ID as ‘from Facebook’s point of view, this was more of a security issue than a privacy issue‘.
How all this works? Harian Yu tells us more about the technical details On Facebook Apps Leaking User Identities :
‘The content loaded by farmville.com in the iframe contains the game alongside third party advertisements. When your browser goes to fetch the advertisement, it automatically forwards to the third party advertiser “referer” information—that is, the URL of the current page that’s loading the ad. For FarmVille, the URL referer that’s sent will look something like:

The remedy : ‘could be as easy as sticking a solitary character into referring urls.‘

for the CDT, ‘industry practices and legal rules need to catch up, quickly, with clear and enforceable standards. That is why CDT supports comprehensive baseline federal privacy legislation, with adequate rule making authority for the FTC. That is also why we support strong FTC enforcement using its existing authority.‘

And yes, surely ‘browsers could be configured to stop sending along referring IDs with every HTTP request.‘

Harian Yu suggests that : ‘application developers like Zynga can simply stop including the user’s Facebook ID in the HTTP GET arguments, or they can place a “#” mark before the sensitive information in the URL so browsers don’t transmit this information automatically to third parties.‘
For more security, a proxy could be implemented to avoid real Facebook IDs to be transmitted.

ACLU had wrote a Facebook Quiz in June 2009 to help you understand what happens. Along with other privacy advocates, they wrote an open letter to Facebook to improve its privacy controls and address the issue. Facebook’s response was more denying any liability, refusing to act.

‘TRUSTe responds to Facebook privacy problems…‘ : ‘While TRUSTe certifies the privacy practices of Facebook.com, we do not certify the privacy practices of third party applications on the site like those referenced in the WSJ’s article.’ This not the impression that it gives when the logo appears everywhere on the website.
More on Facebook and the ‘app gap’ on my pearltrees (click each pearl to access the link).